Overview of the French project and the debate in France

lundi 27 juin 2005, par Source externe
An excerpt from LSE Report ("The Identity Project") - Chapter 7, France section, pp.66-70.


The French have a long history of identity documents, numbers, and markings. In 1832, the French stopped branding criminals, but the following year they implemented a central store of information on repeat offenders. In the 1800s all movement within the country was monitored through the use of internal passports, permitting police to follow the travels of migrants. Eventually this was abandoned on grounds of civil liberties in the 3rd Republic. But at the same time, the new Government invented a new identity card with a fingerprint and central records storage, implemented in the 1920s, though only in one French Department (Seine). This system was not implemented across the entire country due to strong resistance, mainly from the French Human Rights League, the CGT Union. [1] This changed under the Vichy regime. The system was then generalized and complemented by an identification number, together with the mandatory declaration of any change of residence address. [2]

In response to the fall of the Vichy regime, the card was changed in 1955 to remove reference to religious belief (particularly the tag ‘Juif’). The central records-file was also abolished. In 1974 the Government decided to phase out the collection of the fingerprint, and began moving towards an optional card, where the holder’s address had only an indicative value. This gradual reduction in the regime represents a stronger regard for civil liberties in the face of identity cards.

A first attempt to introduce a digitized ID card (originally promised to combat illegal immigration, terrorism, and identity theft) was halted in 1981 after a change of Government, but 1987 saw the introduction of a new identity card, made of plastic and designated as ‘secure’. [3] This is the form of the current national ID card. It is not mandatory and, while a fingerprint is taken, it is not digitized and does not appear on the card. It is stored securely, and only on paper. While it can be accessed by a judge, in a specific case where the police already have a suspect, conditions for access are tightly regulated. [4]

A central database has been introduced, but it is limited only to the delivery of the card system. The information on the database is kept to a minimum, and apart from the information on the card, it includes information on the history of the card, though no audit trail of its use is generated. This information may only be accessed by those responsible for the management of the card system. Although the police may access information in the database, they are limited to accessing the name, sex, birth date, and card number, only in circumstances involving an offence. [5] The linking of one file with any other is disallowed. There are also strict rules regarding the reading of the cards : when read electronically, the card information cannot be stored unless it is for card management purposes. Contact with the central register is only permitted to verify whether the card has been stolen. [6] To this day, in France there are continued negative responses to the centralisation of personal information. [7]

Currently, there are two separate innovations planned for the French card. One is emerging from the Ministry of State Reform, the other from the Interior Ministry.

France I : E-Government Strategic Plan

The French Minister for State Reform is overseeing the implementation of a strategic plan to provide services to citizens, the private sector, and the public sector supported by e-government initiatives. [8] The plans emphasises the need for user-friendly and accessible solutions that create a climate of trust.

In its plan to enhance e-government, the French Ministry of State Reform aims for a user-oriented system, allowing for multiple forms of identification. The emphasis is on simplicity and proportionality, and the amount of information collected will be minimised to increase the confidence of users. The French Ministry of State Reform acknowledges that e-government gives rise to two contradictory requirements :

- simplifying registration and personal data management for the users would entail breaking down the barriers between government departments, making exchanges flow more smoothly without the user being systematically asked repeatedly for documents, for example, which he has already supplied ;
- upholding the protection of personal data, which may in fact restrict the interconnections between government departments.

The French Ministry of State Reform is clear on how to resolve this conflict :

“Government guidelines are clear : do not authorise uncontrolled generalised exchanges between departments. However, the development of e-government must grant citizens more transparency in the monitoring of their administrative papers and better control of their personal details (confidentiality, right to access and correct data regarding them).” [9]

To enable this, the Government intends to provide tools and services “which will enable [citizens and professionals] to exercise their rights more simply and completely.” These tools and services include :

Decentralised Storage of Data

The French Ministry of State Reform is aware that there are several options available, including centralising all the data of every user, but notes that, “This solution is not implemented in any country, for obvious reasons of individual freedoms and near technical impossibility.” The French Government proposes instead that all data will remain decentralised within each department.

Distributed Identifiers The French strategy acknowledges that the easiest solution would be to call for a unique universal identifier for all citizens, but the French designers have foremost in mind that privacy law was created to prevent a situation such as this. They further note that the Germans consider such an approach to be an unconstitutional practice. The French Government position states :

“It should be remembered that, with regard to e-government, the State must take a stance as guarantor (of individual freedoms, the authenticity and enforceability of dematerialised procedures and actions, the security of actions carried out by public servants, etc.) and the Government wishes to confirm this position clearly both in the formulation of the decisions taken and in their methods of application.”

As a result, French authorities do not see the need for anything more than sectoral identifiers to preserve rights. They also admit that a solution such as the national registry in the UK, that would include a listing of all relevant identifiers, “would probably not go down too well in our country” [10]. Instead the French Ministry of State Reform calls for the creation of an ‘identity federator’ :

“the most successful solution consists of creating an identity federator, enabling the user to use the single identifier to access each of the services of his or her choice without either the government databases or the identity federator itself being able to make the link between the different identifiers.”

Further proposals include an on-line environment where the user can verify all the usage of her personal information, and give consent if information needs to be shared between departments. At the same time, the French Ministry of State Reform wishes to preserve the ability of users to not identify themselves to government departments.

The French Ministry of State Reform has chosen to follow a proportionate path to identification and data management. Their systems will, at a technological level, be less complicated, and will be more resilient to attack and failures. The Government sees the benefits of e-government, but understands and resists the temptation to coalesce or link all personal information held by government departments. In order to ensure user trust and adaptability of current and future systems there will therefore be no central registry, no single identifier, nor a centralised list of identifiers.

France II : The Ministry of Interior Proposal

The interior ministry is at the same time proposing a completely different card. The project is entitled ‘Identité national électronique sécurisée’, or ‘INES’ project. It was officially announced in February 2005.

This system in many ways mirrors the UK’s Identity Card Bill. The card will contain facial and fingerprint biometrics (2 fingerprints, among the 6 taken). These biometrics will be stored in a central database. As in the UK, the French Government asserts that this is inevitable because of international requirements from the ICAO to adopt a biometric passport, and adds that it should comply with the EU Council decision of December 13, 2004, which applies to countries party to the Schengen agreement.

There will also be a few variations on the UK proposal. The chip on the card is predicted to be a contact-less card, allowing card-readers to ascertain the information at a distance. The card will also be programmable, as the Government wishes it to become an electronic wallet. The Government is clear that it wishes this card to be made mandatory. [11]

Civil liberties groups have voiced numerous concerns regarding the proposal, [12] asking for clarification of the nature of the ‘international requirements’, and recalling imagery from the Vichy regime. [13]

Identity theft and fraud, particularly by terrorists, is given as one of the principal reasons for the new card system ; however, a coalition of civil liberties groups, among them unions of attorneys and of magistrates, has pointed out that the French Ministry of Interior itself recognizes that France has no statistics to evaluate the scope and the nature of the identity theft phenomenon. The French Government relies only upon the statistics from the US and the UK.

The coalition also considers the argument that the cards would aid in combating terrorism to be merely ‘an alibi’, and points out that, in almost all of the most violent attacks in France, the terrorists used their own identities. A similar conclusion was reached by the President of the French National Observatory of Delinquency, who considers that identity fraud : “remains quantitatively marginal in criminal matters, while it is increasing in the commercial sector”. [14]

The proposal is likely to face significant scrutiny. When the Government first introduced this project, it opened up a consultation session. However, during this consultation process, it was announced that the policy had already been decided. A draft law was released and is under review by the CNIL, the equivalent to the UK Information Commissioner (although with far greater powers).

In June 2005 a consultative report was released by the Forum for Civil Liberties on the Internet (“Le Forum des droits sur l’internet”). [15] This NGO was asked by then-Minister of the Interior Dominique de Villepin to conduct a consultation on the proposed scheme.

The report found that the plans were overly vague, and therefore called for :
- better studies on identity fraud
- the decoupling of the project from the passport system
- studies on the risks of using a single identifier
- the responsibility for the project be shifted to the privacy commission
- the creation of a new social contract between the citizen and the state
- studies on the contact-less nature of the chip
- a clear statement from the Government on whether the card will be required for commercial transaction
- assurances that the card would be free at enrolment (though individuals could be charged for renewal or loss)
- a clear Parliamentary debate on the obligatory nature of the card.

A law implementing the system is likely to be introduced into the French Parliament in September 2005.

The full report is available on the LSE ID card project webpage

[1] Audition de M. Gérard NOIRIEL historien, directeur d’Etudes à l’Ecole des Hautes Etudes en Sciences Sociales (EHESS), presentation given to the Commission Nationale de L’Informatique et des Libertés, February 15, 2005.

[2] Audition de M. Pierre Piazza, presented to the Commission Nationale de L’Informatique et des Libertés, April 8, 2005.

[3] Décret n°87-178 du 19 mars 1987 portant création d’un système de fabrication et de gestion informatisée des cartes nationales d’identité. Journal officiel du 20 mars 1987, pages 3174-3175.

[4] Article 5, ‘Décret n°55-1397 du 22 octobre 1955 : Décret instituant la carte nationale d’identité’, available at http://www.legifrance.gouv.fr/texte...

[5] Article 11.

[6] Article 12.

[7] Audition de M. Gérard NOIRIEL.

[8] The French E-Government Strategic Plan (PSAE) 2004-2007, http://www.adae.gouv.fr/IMG/rtf/Le_....

[9] Ibid, page 13.

[10] Ibid, page 15.

[11] Public Declaration to the press by Dominique de Villepin, the then Ministry of Interior, April 12, 2005.

[12] ‘INES de la suspicion au traçage generalise’, Ligue des droits de l’homme, Syndicat de la magistrature, Syndicat des avocats de France, association Imaginons un reseau Internet solidaire (IRIS), intercollectif Droits et Libertes face a l’informatisation de la societe (DELIS), Association française des juristes democrates, May 2005, available at http://www.iris.sgdg.org/actions/in....

[13] Audition de Mme Meryem Marzouki, Présidente de l’association IRIS (Imaginons un réseau Internet solidaire), chargée de recherches au CNRS, presentation given to the Commission Nationale de L’Informatique et des Libertés, May 9, 2005.

[14] Audition de M. Alain Bauer, Président du conseil d’orientation de l’Observatoire national de la délinquance, de l’Institut national des hautes études de sécurité, presentation given to the Commission Nationale de L’Informatique et des Libertés, April 12, 2005.

[15] ‘Project de carte nationale d’identite electronique’, un rapport part Le Forum des droits sur l’internet’, 16 juin, 2005, available at http://www.foruminternet.org/telech....